DU 4.0b and C2 security ... from Thomas Leitner on 1997-05-10 (tru64-unix-managers)

From: Thomas Leitner <tom_at_finwds01.tu-graz.ac.at>
Date: Sat, 10 May 1997 10:25:53 +0200 (MET DST)

Hi,

I'm subscribed to the Windows NT security mailing list as well and
I've read an interesting paragraph about C2 security there:

> From: David LeBlanc <dleblanc_at_iss.net>
> Cc: ntsecurity_at_iss.net
> Subject: Re: [NTSEC] C2 compliance
>
> At 13:49 5/7/97 -0400, you wrote:
> > Somebody told me that the C2 compliance NT claims is only for a NT
> > machine without network and without a floppy disk. Is this true? A
> > network card or floppy disk destroys C2 compliance?
>
> I really hope this is in the FAQ. Here's the whole story:
>
> 1) NT is only really C2 on 2 pieces of hardware, and that's only NT 3.5, SP3.
> 2) It is true you can't have a network, but there isn't an eval program for
> network C2 (AFAIK). It is not true you can't have a floppy or CD - you just
> have to control access to it, and can't boot from them.
>
> C2 on a network would mean stuff like running the network through gas-filled
> pipes, using fiber-optic everywhere, and NO connection to the outside world.
>
> So what's C2 really mean? Not much and a lot - all at once. I find it
> impressive that NT is only one of 2 OS's (OS/400 is the other) that can get
> C2 from a normal version.

[...]

So what about DU 4.0b in this context. I thought when installing enhanced
security I get a C2 certified, networked system. According to the
above statement, this does not seem to be the case and a C2 networked
system is apparently a contradiction in itself.

Can anybody shed some light on this and tell me in what environment
Digital Unix with enhanced security has been certified for C2?

Thanks -- Tom

--------------------------------------------------------------------------
T o m L e i t n e r Dept. of Communications
Graz University of Technology,
e-mail : tom_at_finwds01.tu-graz.ac.at Inffeldgasse 12
Phone : +43-316-873-7455 A-8010 Graz / Austria / Europe
Fax : +43-316-463-697
Home page : http://wiis.tu-graz.ac.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send
mail with subject "get Thomas Leitner" to pgp-public-keys_at_keys.pgp.net
--------------------------------------------------------------------------
Received on Sat May 10 1997 - 10:43:25 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:36 NZDT